<?
session_start();
include 'connect.php';
$email =  mysql_real_escape_string($_GET['email']);
$passw =  mysql_real_escape_string($_GET['passw']);
$action =  mysql_real_escape_string($_GET['action']);



if($action == "confirm"){
	$output = json_encode(array("status"=>"error", "message"=>"NO"));
}else{
	echo "<specs>";
}

If($email != "" && $passw != ""){

$passw = md5($email.$passw);

$abfrage = "SELECT spec.specId
					,spec.layout
				   ,spec.jobId
				   ,spec.level
				   ,spec.description
				   ,spec.public
				   ,spec.cdate
				   ,spec.udate
			FROM (
			ffxivc_specs as spec 
			LEFT JOIN ffxivc_users as user
			ON user.userId = spec.userId)
		WHERE import = 'N' 
			AND user.email = \"".$email."\"
			AND user.password = \"".$passw."\"
		";			
		$res = mysql_query($abfrage);
		
	
	
	while ($row = mysql_fetch_array($res, MYSQL_ASSOC)) {
	
	
		if($action == "confirm")
		{
			$abfrage = "UPDATE ffxivc_specs SET import = 'Y' WHERE specId = \"".$row['specId']."\"";
			mysql_query($abfrage);
		
		}else
		{
			
			echo "	<spec>
					<specId>".$row['specId']."</specId>
					<layout>".$row['layout']."</layout>
					<jobId>".$row['jobId']."</jobId>
					<level>".$row['level']."</level>
					<description>".$row['description']."</description>
					<public>".$row['public']."</public>
					<cdate>".$row['cdate']."</cdate>
					<udate>".$row['udate']."</udate>
				</spec>";
			
		}
	}
	
	

}

if($action == "confirm"){
	$output = json_encode(array("status"=>"success", "message"=>"OK"));
}else{
	echo "</specs>";
}

?>